| Summary: | Firefox 3.5.5 issue tracking bug (CVE-2009-3978) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | A3 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Alex Legler (RETIRED)
2010-04-01 16:04:04 UTC
CVE-2009-3978 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978): The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373. It seems no vulnerable versions are in the tree. Should we make the decision about GLSA for users who might still have it installed? Added to pending GLSA request. This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle). |